I sent two files. These showed up right after the scan. I will also copy from Notebook.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2022
Ran by Dana (administrator) on DANA-PC (LENOVO 20BX001EUS) (15-04-2022 08:40:20)
Running from C:\Users\Dana\Downloads
Loaded Profiles: Dana
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Bose Corporation) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTServer.exe
(C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTServer.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\SkypePlugin.exe
(C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe ->) (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
(C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe
(explorer.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\56.0.11.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe
(services.exe ->) (Intel(R) Modem Authenticator -> Intel Mobile Communications) C:\Program Files (x86)\Intel Mobile Communications\ModemAuthenticator\IntelModemAuthenticator.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\AvrcpService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(services.exe ->) (Sierra Wireless, Inc -> Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(valWbioSyncSvc.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5166872 2016-07-13] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis International GmbH -> Acronis)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\BTServer.exe [230104 2015-07-10] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [54176 2019-12-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2014-03-06] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2018-02-09] () [File not signed]
HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2118 2018-03-28] () [File not signed]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [378280 2022-03-02] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [Amazon Music Helper] => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music Helper.exe [3977704 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [Amazon Music] => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [851880 2022-03-02] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2671608 2022-04-14] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\100.1.37.116\Installer\chrmstp.exe [2022-04-15] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2020-10-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026843FD-CC0D-4770-8BB8-787CBD190916} - System32\Tasks\{F3FCC309-FA6F-4296-B76B-DAE05C9EC81F} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {0631C81F-5345-404C-88C0-7CE4EA62C44A} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {0BDA5F60-AB51-47F5-A444-165E05AB98CA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {0CB2C931-A71B-4E04-9834-7E3C0B02606D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {0E97E6C5-0897-4DCF-85C1-971FC51F6B1F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {120BC043-C84E-43F3-8766-C5ACC180787D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {17E9E77D-F28F-42FE-BD6C-143A92126B25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E9E6218-01CD-4EEC-8A93-2F95F7A6D5C0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1e4f7002-5308-4b57-9d37-5a4842034e68 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {1FB7DAE7-56D5-4A36-8BF4-B36F412B12FC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {28852DD2-8F71-4DA4-A1B1-BAF46911EA4D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {29A09521-8ADE-412F-BA28-6305C84005C4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6f79bdd5-82ef-4cf9-b12e-9f27695b7ad1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {2D330DD3-AF2B-45C8-B413-132D9E2711BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-01] (Google Inc -> Google Inc.)
Task: {2DEE644D-28F4-449F-AB21-B07C71C6A2C3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3070EBE4-F104-437C-AFDE-1612860AFF8C} - System32\Tasks\{2D2166C5-B880-48C8-859C-F2901FDB9AA4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {3A66B181-DD7B-41BF-8074-7167E1D82486} - System32\Tasks\CCleanerSkipUAC - Dana => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {44CDD5E8-FF8E-4E15-8E71-64E2F1F8E2EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {464B062B-7A6B-423E-B366-5885B7445A69} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {47CF58C4-9648-4E1B-B43B-E4EF2781DC2F} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {552533A4-804C-41BA-9D76-23B9CC4AE725} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5A110A4C-826D-48EC-9830-439633731974} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BA029F9-D01C-4577-A2A2-882C0D1CAF58} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {64F946DF-B88F-44D1-AA65-8C578918E499} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {65F3FADF-F417-423A-8AFB-3551FDD3A5C4} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6659B3F5-6776-486F-899D-24603EC8B3B8} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [114112 2021-12-03] (Lenovo -> Lenovo)
Task: {680CD3C2-E3A3-43B2-84B5-657CD6D79DFB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6F41B727-F50D-4CC0-B1D0-1EB82177AC7F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {7BCACE3E-72C8-40DE-AC1C-A8F8FE14F554} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {7E290F0A-7947-41C4-BA8F-5BEDAC807FBB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {8AC6D58D-9E53-4C7F-9289-E86B9D9AF239} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {8B2E4E24-AF26-4FDC-829D-4981E0A383EC} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {908E895A-1667-42B2-9367-FCAE82707A78} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {986FA7C0-E3E7-4E8D-9D45-54D8DC63C983} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {996635AA-393E-4AA1-B7C0-0AE28170068B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [121605552 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {9BB4F45A-1EC5-4146-A405-DB881C1151DD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\089115ef-4596-4455-a093-aa1545ec6e68 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9DC0F373-30B7-4CEB-B1CA-5F5CCE31952C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-01] (Google Inc -> Google Inc.)
Task: {A3F6B67C-EF77-42B7-BDF1-784BFA4C7155} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {ACE01B2A-A8E7-4665-B92A-0B39E18DA50A} - System32\Tasks\{34CD5E77-77C4-4031-9C1F-FAB820BE5289} => C:\Windows\system32\pcalua.exe -a D:\Autorun.exe -d D:\
Task: {AFDA29A7-06C4-4ECE-8F42-072668F83BE6} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B1F6636D-6692-46D7-9752-661D5D3A5DD5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17184 2014-09-02] (LENOVO -> Lenovo)
Task: {B767DA16-521D-4855-A46F-26D70E554AE8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software Ltd -> Piriform)
Task: {B84A9E2A-BF71-471C-9F3A-C81B49654B4A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBC106EF-131A-4C5F-B999-B0B1DAC2827E} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [63936 2021-12-03] (Lenovo -> )
Task: {C13289CD-622C-4A5A-AA0C-C8725E714CB4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {C25EFF14-B098-4FBE-82CB-B715C49CF7A7} - System32\Tasks\{A1468312-B4AB-4A5A-98F0-2A1CDFB94381} => C:\Windows\system32\pcalua.exe -a C:\Users\Dana\AppData\Local\Apps\2.0\VDARROLH.W77\2Q1QEAZP.EV2\lsb...tion_91a10ba61c75c82d_0001.0006_014be6b8b4b27d94\Uninstaller.exe -c "rundll32.exe dfshim.dll,ShArpMaintain LSB.application, Culture=neutral, PublicKeyToken=91a10ba61c75c82d, processorArchitecture=msil"
Task: {C737189A-E61C-4D64-9701-E018A56862FC} - System32\Tasks\{E914218A-0908-4685-8C28-5C76322D1326} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {C7F15081-3C68-49A1-B458-3B104BF77069} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C91C1C8A-5607-444E-810B-F7CC723F3AF0} - System32\Tasks\{D3B84D8E-AD48-4D63-A7C0-7D28E12BFF5C} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {CD3B4EB0-6613-447B-8A59-450EE7643463} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF4C2883-F412-4837-9831-B47F442271A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D9355F7E-A13F-4479-A824-B5F754E3D9A1} - System32\Tasks\{64CF980B-ED1B-4D96-973A-45625518518B} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {DC4520C7-F3A0-4BEE-8C46-40090876B85E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {DC935CC3-167F-4CDA-93E6-95A5E0EC62EE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {DD989857-6210-409B-BDD7-95942FAB7565} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E17D5839-8AC9-409F-BB69-37D8C0725764} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {E1C795F2-0FA3-4FBA-B1D3-97D46B785159} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {E274D82F-D66F-499E-8827-9C4CC2AC7065} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {E3D71B02-EC1D-4E43-9647-EA75259D3F0F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {E8878E17-AC7B-451E-9CA1-0BA5FA64A06F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {EC652FAE-7E22-4151-B773-77BB9E47071D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {EEDFBAE2-8457-450F-B98D-091B76E90648} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F07759B0-5AB8-451C-A3CA-2B8839A799AD} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F096C5FC-6106-416A-8CB6-B09D85BB1772} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {F0EAA5F6-EA62-44AF-AAFB-5CA205F78796} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {F5CE988F-83DF-412E-99AD-9654DCA48CC3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {F8AA458B-3954-4AB3-B9C2-3F0A06847B1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {FF90632D-C85D-493E-91CB-CE0CABD9CBC8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7b2e3ce9-dffb-41b4-90c3-524ba50c0473}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c0e1da8e-8ad8-4f92-8051-125180f47b75}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c6fdb647-34bc-4f73-b5b0-ad62f3d7d381}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c8350f96-a9f8-4117-86f6-491595b8f12f}: [DhcpNameServer] 76.9.251.1
Tcpip\..\Interfaces\{de81ae96-eaf0-4d5b-9e94-eb658f237786}: [NameServer] 10.83.0.1
Tcpip\..\Interfaces\{e7691b62-bc41-4cf8-b36b-17aea3e4426f}: [DhcpNameServer] 76.9.251.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dana\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-07]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: h74g8q1m.default-1491247110478-1536710986397
FF ProfilePath: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397 [2022-04-15]
FF Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-06-07] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2022-02-19] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-19]
FF Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\rapportext@trusteer.com.xpi [2020-05-15] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Dissenter Extension) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{20dd52e5-90c0-4a51-8b31-e70419c5b126}.xpi [2019-04-02]
FF Extension: (Startpage.com — Private Search Engine) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2021-01-09]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-02-19]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default [2022-04-12]
CHR Extension: (Slides) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-11]
CHR Extension: (Docs) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-14]
CHR Extension: (Google Drive) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-09]
CHR Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2022-04-10]
CHR Extension: (YouTube) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-14]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-10]
CHR Extension: (Sheets) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-10]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-10]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-09]
CHR Extension: (Gmail) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-09]
CHR HKU\S-1-5-21-4034831176-164765369-2251470085-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKU\S-1-5-21-4034831176-164765369-2251470085-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Brave:
=======
BRA Profile: C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-04-15]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2022-02-16]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-03-24]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-11]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-10-10]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-04-14]
BRA Extension: (Brave NTP background images) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-04-12]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-04-14]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-04-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-04-12]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1143720 2013-02-15] (Acronis International GmbH -> Acronis)
R2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3783672 2016-01-01] (Acronis International GmbH -> Acronis)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\BTDevMgr.exe [120024 2015-07-02] (Realtek Semiconductor Corp -> )
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [829080 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437160 2022-03-02] (EXPRSVPN LLC -> ExpressVPN)
R2 FirmwareUpdaterService; C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe [100080 2017-04-28] (Intel(R) MBIM Toolkit -> )
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2351304 2021-12-03] (Lenovo -> Lenovo Group Limited)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S3 MagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [360368 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-03-30] (Malwarebytes Inc -> Malwarebytes)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3002752 2020-02-25] (IBM -> IBM Corp.)
U2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [360368 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [30504 2019-12-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254352 2022-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SwiService; C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe [1543144 2017-04-28] (Sierra Wireless, Inc -> Sierra Wireless, Inc.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7084672 2013-03-26] (Acronis International GmbH -> Acronis)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3647272 2009-03-26] (Wacom Technology Corp. -> Wacom Technology, Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13353768 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [25752 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [117912 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2022-03-02] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2021-11-08] (Express VPN International Ltd. -> ExpressVPN)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [108832 2016-01-01] (Acronis International GmbH -> Acronis International GmbH)
R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195024 2022-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [158856 2022-04-12] (Malwarebytes Inc -> Malwarebytes)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [431376 2020-02-25] (IBM -> IBM Corp.)
S1 RapportCerberus_1955065; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1955065.sys [1469776 2020-06-07] (IBM -> IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544592 2020-02-25] (IBM -> IBM Corp.)
S3 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [397248 2020-02-25] (IBM -> IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [447232 2020-02-25] (IBM -> IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562560 2020-02-25] (IBM -> IBM Corp.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [309752 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [120280 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [44304 2020-04-01] (ExprsVPN LLC -> The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2016-01-01] (Acronis International GmbH -> Acronis International GmbH)
S3 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [183224 2016-01-01] (Acronis International GmbH -> Acronis)
R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [130848 2020-04-27] (Acronis International GmbH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-15 08:04 - 2022-04-15 08:04 - 002366464 _____ (Farbar) C:\Users\Dana\Downloads\FRST64 (1).exe
2022-04-14 19:06 - 2022-04-14 19:06 - 000009255 _____ C:\Users\Dana\Downloads\Fixlist (1).txt
2022-04-14 19:04 - 2022-04-14 19:04 - 000009255 _____ C:\Users\Dana\Downloads\Fixlist.txt
2022-04-14 14:15 - 2022-04-14 14:15 - 008551608 _____ (Malwarebytes) C:\Users\Dana\Downloads\adwcleaner.exe
2022-04-14 14:13 - 2022-04-14 14:13 - 008540344 _____ (Malwarebytes) C:\Users\Dana\Downloads\adwcleaner_8.3.1.exe
2022-04-13 21:50 - 2022-04-13 21:50 - 000319176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_94d46d2ea_klark.sys
2022-04-13 21:44 - 2022-04-13 21:44 - 000299544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\94d46d2e.sys
2022-04-13 21:44 - 2022-04-13 21:44 - 000227664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_94d46d2ea_mark.sys
2022-04-13 21:42 - 2022-04-13 21:49 - 000000000 ____D C:\KVRT2020_Data
2022-04-13 21:25 - 2022-04-13 21:34 - 116320880 _____ (AO Kaspersky Lab) C:\Users\Dana\Downloads\KVRT.exe
2022-04-13 11:15 - 2022-04-13 11:15 - 015274968 _____ (ESET) C:\Users\Dana\Downloads\esetonlinescanner (1).exe
2022-04-13 11:13 - 2022-04-14 14:10 - 000001414 _____ C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-04-13 11:13 - 2022-04-14 14:10 - 000001308 _____ C:\Users\Dana\Desktop\ESET Online Scanner.lnk
2022-04-13 11:13 - 2022-04-13 11:13 - 000000000 ____D C:\Users\Dana\AppData\Local\ESET
2022-04-13 11:10 - 2022-04-13 11:11 - 015274968 _____ (ESET) C:\Users\Dana\Downloads\esetonlinescanner.exe
2022-04-12 22:10 - 2022-04-12 22:10 - 000195024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-04-12 22:10 - 2022-04-12 22:10 - 000158856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-04-12 22:10 - 2022-04-12 22:10 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-04-12 18:32 - 2022-04-12 18:32 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-04-12 18:32 - 2022-04-12 18:32 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-04-12 18:32 - 2022-04-12 18:32 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-04-12 18:31 - 2022-04-12 18:31 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-04-12 18:23 - 2022-04-12 18:23 - 000000000 ___HD C:\$WinREAgent
2022-04-12 12:10 - 2022-04-15 08:12 - 000049200 _____ C:\Users\Dana\Downloads\Addition.txt
2022-04-12 12:06 - 2022-04-15 08:41 - 000051283 _____ C:\Users\Dana\Downloads\FRST.txt
2022-04-12 12:06 - 2022-04-15 08:40 - 000000000 ____D C:\FRST
2022-04-12 12:05 - 2022-04-12 12:05 - 002365952 _____ (Farbar) C:\Users\Dana\Downloads\FRST64.exe
2022-04-06 12:49 - 2022-04-12 19:40 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2022-04-05 09:13 - 2022-03-24 07:54 - 000384584 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3758.sys
2022-04-01 17:31 - 2022-04-01 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2022-04-01 09:25 - 2022-04-01 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2022-03-31 09:26 - 2022-03-31 09:26 - 000000000 ____D C:\WINDOWS\Panther
2022-03-30 15:26 - 2022-03-30 15:26 - 000156490 _____ C:\Users\Dana\Downloads\Lean Enrollment_encrypted_.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-15 08:40 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-15 08:39 - 2016-11-22 09:12 - 000000000 ____D C:\Users\Dana\AppData\LocalLow\Mozilla
2022-04-15 08:33 - 2016-01-01 05:33 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-15 08:15 - 2019-02-04 14:42 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-15 08:14 - 2021-10-10 11:18 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-04-15 08:14 - 2021-10-10 11:18 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2022-04-15 08:06 - 2021-10-10 08:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-04-15 08:06 - 2021-09-25 22:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-04-15 08:06 - 2020-11-03 01:02 - 000004148 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2C0E6ADA-5CA0-4B9E-87F2-D4AD77B1F348}
2022-04-15 08:06 - 2015-12-31 16:50 - 000000000 ____D C:\Program Files\CCleaner
2022-04-15 08:06 - 2015-12-31 16:44 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-15 08:06 - 2015-12-31 16:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-15 08:03 - 2021-10-22 11:15 - 000000000 ___RD C:\Users\Dana\My Drive (stechetto@gmail.com)
2022-04-15 08:03 - 2020-09-27 07:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-15 08:03 - 2018-10-26 18:09 - 000000000 ___RD C:\Users\Dana\Google Drive
2022-04-15 08:03 - 2016-01-01 04:22 - 000000000 ____D C:\Users\Dana\AppData\Roaming\WTablet
2022-04-14 20:01 - 2021-11-08 15:58 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-04-14 20:01 - 2021-11-08 15:58 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-04-14 20:01 - 2020-11-03 01:02 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-04-14 14:38 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-14 14:38 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-14 14:33 - 2016-01-01 05:33 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-14 14:33 - 2016-01-01 05:33 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-14 14:10 - 2016-01-01 01:47 - 000000000 ____D C:\Users\Dana\AppData\Local\CrashDumps
2022-04-13 13:54 - 2020-09-27 07:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-13 13:54 - 2020-09-27 07:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-13 11:05 - 2022-02-04 09:22 - 000000000 ____D C:\Users\Dana\AppData\Roaming\Samsung Magician
2022-04-13 00:18 - 2015-12-31 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-04-13 00:14 - 2015-12-31 16:43 - 143823848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-04-12 22:17 - 2020-11-03 01:04 - 000978502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-12 22:17 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-12 22:14 - 2019-05-02 00:52 - 000000000 ___RD C:\Users\Dana\OneDrive
2022-04-12 22:12 - 2015-12-31 16:10 - 000000000 __SHD C:\Users\Dana\IntelGraphicsProfiles
2022-04-12 22:11 - 2020-11-10 23:14 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-04-12 22:11 - 2016-01-01 15:38 - 000000000 ____D C:\WTablet
2022-04-12 22:10 - 2020-11-10 23:15 - 000000000 ____D C:\ProgramData\Synaptics
2022-04-12 22:10 - 2020-09-27 07:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-12 22:10 - 2020-09-27 07:33 - 000452176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-04-12 22:10 - 2020-09-27 07:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-12 22:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-12 22:10 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-04-12 22:10 - 2015-12-31 16:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-04-12 22:10 - 2015-12-31 16:13 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-12 22:09 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-04-12 18:35 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-04-12 12:21 - 2019-11-04 21:21 - 000000000 ____D C:\Users\Dana\AppData\Local\D3DSCache
2022-04-12 11:45 - 2016-01-01 05:21 - 000001927 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2022-04-12 11:45 - 2016-01-01 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2022-04-12 11:45 - 2016-01-01 05:21 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2022-04-12 11:43 - 2021-03-05 20:38 - 000001060 _____ C:\Users\Dana\Desktop\Core FTP LE.lnk
2022-04-12 11:43 - 2016-01-01 17:28 - 000000000 ____D C:\Program Files (x86)\CoreFTP
2022-04-12 11:36 - 2021-08-31 10:38 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-04-12 11:36 - 2021-08-31 10:38 - 000000000 ____D C:\Program Files\Recuva
2022-04-11 11:02 - 2021-09-03 20:27 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2022-04-11 11:02 - 2021-09-03 20:27 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2022-04-11 11:02 - 2021-09-03 20:27 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2022-04-11 11:02 - 2021-09-03 20:27 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2022-04-11 10:37 - 2021-12-10 19:44 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4034831176-164765369-2251470085-1000
2022-04-11 10:37 - 2020-11-03 01:02 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-04-11 10:37 - 2020-11-03 01:02 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4034831176-164765369-2251470085-1000
2022-04-11 10:37 - 2020-11-03 00:55 - 000002413 _____ C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-10 09:48 - 2020-09-27 07:36 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-10 09:48 - 2020-09-27 07:36 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-08 08:05 - 2020-09-27 07:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-04-05 23:50 - 2020-08-21 19:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-05 08:27 - 2015-12-31 16:25 - 000000000 ____D C:\ProgramData\Lenovo
2022-04-05 08:25 - 2020-11-03 13:15 - 000000000 ____D C:\WINDOWS\TempInst
2022-04-04 11:53 - 2017-01-25 14:47 - 000000000 ____D C:\Users\Dana\AppData\Local\ElevatedDiagnostics
2022-04-01 17:31 - 2020-11-10 22:59 - 000001935 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2022-04-01 17:31 - 2020-11-03 13:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2022-04-01 17:31 - 2015-12-31 16:24 - 000000000 ____D C:\Program Files (x86)\Lenovo
2022-04-01 09:25 - 2020-11-03 01:02 - 000003334 _____ C:\WINDOWS\system32\Tasks\SamsungMagician
2022-03-31 09:25 - 2015-12-31 16:48 - 000000000 ____D C:\Program Files\WinRAR
2022-03-23 21:13 - 2020-08-21 19:11 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-03-23 21:12 - 2020-08-21 19:11 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-03-17 08:27 - 2015-12-31 16:48 - 000000000 ____D C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-17 08:27 - 2015-12-31 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
==================== Files in the root of some directories ========
2020-11-10 23:55 - 2022-04-15 08:03 - 001905434 _____ () C:\Users\Dana\AppData\Local\BTServer.log
2021-08-01 09:56 - 2021-08-01 09:56 - 000000730 _____ () C:\Users\Dana\AppData\Local\recently-used.xbel
2018-09-21 10:04 - 2018-09-21 10:04 - 000007605 _____ () C:\Users\Dana\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Here's the second one:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022
Ran by Dana (15-04-2022 08:42:06)
Running from C:\Users\Dana\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) (2020-11-03 08:02:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4034831176-164765369-2251470085-500 - Administrator - Disabled)
Dana (S-1-5-21-4034831176-164765369-2251470085-1000 - Administrator - Enabled) => C:\Users\Dana
DefaultAccount (S-1-5-21-4034831176-164765369-2251470085-503 - Limited - Disabled)
Guest (S-1-5-21-4034831176-164765369-2251470085-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4034831176-164765369-2251470085-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4034831176-164765369-2251470085-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20117 - Adobe)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Amazon Music (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Amazon Amazon Music) (Version: 6.0.0.1152 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk SketchBook Pro 2011 sp2 (HKLM-x32\...\{F0B27584-72DD-4CED-A329-57C7F91586C0}) (Version: 5.20.0000 - Autodesk)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 100.1.37.116 - Brave Software Inc)
Brother MFL-Pro Suite (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
Content (HKLM-x32\...\{B369483E-0728-405C-8F8C-3427B263B01F}) (Version: 1.00.0000 - Your Company Name) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version: - )
Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - )
Corel Painter 11 - ICA (HKLM-x32\...\{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (HKLM-x32\...\{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}) (Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version: - Corel Corporation)
Corel Painter 11 (HKLM-x32\...\{28F8F8F0-C278-454A-9507-46B344AAD188}) (Version: 11.0 - Corel Corporation) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Documentation Manager (HKLM\...\{87CA98A2-FF74-4CBE-81D8-0E9145F4A97C}) (Version: 22.30.0.11 - Intel Corporation) Hidden
EditPad Lite 7.4.0 (HKLM\...\EditPad Lite) (Version: 7.4.0 - Just Great Software)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
ExpressCache (HKLM\...\{F19137D8-2E93-4043-9634-4D44E7EFE889}) (Version: 1.3.118.0 - Condusiv Technologies)
ExpressVPN (HKLM-x32\...\{90e86a49-1129-4c1e-87a0-634efa18d2c6}) (Version: 10.20.0.6 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8770D7837}) (Version: 10.20.0.6 - ExpressVPN) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FileZilla Client 3.59.0 (HKLM-x32\...\FileZilla Client) (Version: 3.59.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.10.10 (HKLM\...\GIMP-2_is1) (Version: 2.10.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 56.0.11.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IconHandler 32 bit (HKLM-x32\...\{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}) (Version: 2.0 - Corel Corporation) Hidden
IconHandler 64 bit (HKLM\...\{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}) (Version: 2.0 - Corel Corporation) Hidden
Inkscape 0.92.4 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92.4.0 - Inkscape project)
Intel(R) Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5144 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{b6118eaf-49e9-457a-85dd-0a4a96aa9e93}) (Version: 22.30.0.11 - Intel Corporation) Hidden
Langauge (HKLM-x32\...\{840BF2FE-033D-437C-89D1-AAA206BA13B6}) (Version: 1.00.0000 - Your Company Name) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.23 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0136 - Lenovo)
LINE (HKLM-x32\...\LINE) (Version: 4.3.2.730 - LINE Corporation)
Luminar 4 (HKLM\...\Luminar 4) (Version: 4.2.0.5577 - Skylum)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\OneDriveSetup.exe) (Version: 22.065.0327.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
ModemAuthenticator (HKLM-x32\...\{30F2BC34-BB35-4722-9CE9-B04849D3C934}) (Version: 1.0.25 - Intel Mobile Communications)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0 (x64 en-US)) (Version: 99.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.6.2 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.8.0 (x64 en-US)) (Version: 91.8.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAPID Mode (HKLM\...\{7B2F4116-7C42-4EB6-9B11-220F0FAA3567}) (Version: 1.0.1.105 - Samsung Electronics Co., Ltd.) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1955.62 - Trusteer) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8988.1 - Realtek Semiconductor Corp.) Hidden
REALTEK Bluetooth Profile (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AC}) (Version: 1.0.6.071015 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21290 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.1.0.770 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.36.10970.4674 - Sierra Wireless, Inc.)
Software Upgrade Assistant (HKLM-x32\...\{B33BA940-B460-4F02-BFF3-1DDCE7083726}_is1) (Version: 2.3.8 - Motorola Mobility LLC)
SoundTouch (HKLM-x32\...\{BEF6C302-C29F-4FCA-9FE1-E9A994A40108}) (Version: 18.1.4.2009 - BOSE)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{9C7B6DA0-852C-46DB-8D8C-F8B25C7F1354}) (Version: 4.5.507.0 - Synaptics)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.22.3 - TeamViewer)
TreeSize Free V4.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4 - JAM Software)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1955.62 - Trusteer)
VCarve Desktop 9.5 (HKLM\...\VCarve DesktopV95) (Version: 9.5 - Vectric)
Vectric Shell Extensions 1.2 (HKLM-x32\...\VectricThumbnailShellExt) (Version: - Vectric)
Virtual Disk Driver (HKLM-x32\...\{6B6137AE-281D-419E-9F40-FFD1B42A740D}) (Version: 1.1.2141 - Acronis)
VTransfer (HKLM\...\VTransfer) (Version: 2.0 - Vectric)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.30-6 - Wacom Technology Corp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23192 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)
Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.17.65.0_x86__kgqvnymyfvs32 [2022-03-31] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.78.2.0_x64__kgqvnymyfvs32 [2022-04-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2240.1.0_x64__kgqvnymyfvs32 [2022-04-06] (king.com)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_6.7.9.0_x64__h6adky7gbf63m [2022-03-31] (Gameloft SE)
FarmVille 2: Country Escape -> C:\Program Files\WindowsApps\D52A8D61.FarmVille2CountryEscape_19.7.7670.0_x64__jwbwg6xx0377a [2022-04-07] (Zynga Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-02-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-27] (Microsoft Corporation)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.30391.0_x64__8wekyb3d8bbwe [2022-02-17] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2021-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-01-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-07-17] () [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2016-10-12 06:15 - 2016-10-12 06:15 - 000848896 _____ () [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2016-06-10 13:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-06-10 13:15 - 2018-01-18 16:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-02-09 17:55 - 2018-02-09 17:55 - 000068608 _____ () [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\zlib1.dll
2018-07-18 14:27 - 2018-07-18 14:27 - 000747520 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-01-01 18:57 - 2005-04-22 14:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2016-01-01 18:57 - 2007-10-26 12:22 - 000602112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccDCtl.dll
2016-01-01 18:57 - 2008-08-05 12:33 - 000172032 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccFCtl.dll
2016-01-01 18:57 - 2007-07-10 12:25 - 005345280 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccimg.dll
2016-01-01 18:57 - 2007-08-06 15:36 - 000110592 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccusa.dll
2016-01-01 18:57 - 2007-01-29 10:59 - 000094208 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrDbgOut.dll
2016-01-01 18:57 - 2008-01-25 21:36 - 000086016 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2016-01-01 18:57 - 2007-01-11 14:07 - 000061440 ____N (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrImgPDF.dll
2016-01-01 18:57 - 2003-06-30 01:00 - 000259584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTDIS12n.dll
2016-01-01 18:57 - 2005-07-05 01:00 - 000131584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTFIL12n.DLL
2016-01-01 18:57 - 2003-06-30 01:00 - 000406016 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTKRN12n.dll
2016-10-12 06:15 - 2016-10-12 06:15 - 025911296 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icudt55.dll
2016-10-12 06:15 - 2016-10-12 06:15 - 001683456 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icuin55.dll
2016-10-12 06:15 - 2016-10-12 06:15 - 001158144 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icuuc55.dll
2016-10-03 13:04 - 2016-10-03 13:04 - 025048064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icudt56.dll
2016-10-03 13:02 - 2016-10-03 13:02 - 001802240 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icuin56.dll
2016-10-03 12:59 - 2016-10-03 12:59 - 001179648 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icuuc56.dll
2016-10-12 12:15 - 2016-10-12 12:15 - 000038400 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qdds.dll
2016-10-12 12:14 - 2016-10-12 12:14 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qgif.dll
2016-10-12 12:15 - 2016-10-12 12:15 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qicns.dll
2016-10-12 12:14 - 2016-10-12 12:14 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qico.dll
2016-10-12 12:13 - 2016-10-12 12:13 - 000988160 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\platforms\qwindows.dll
2018-02-09 17:55 - 2018-02-09 17:55 - 004144128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Core.dll
2016-10-12 11:46 - 2016-10-12 11:46 - 004868096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Gui.dll
2016-10-12 11:19 - 2016-10-12 11:19 - 000849408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Network.dll
2016-10-12 11:19 - 2016-10-12 11:19 - 000155136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Sql.dll
2016-10-12 12:01 - 2016-10-12 12:01 - 004486656 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Widgets.dll
2016-10-12 11:20 - 2016-10-12 11:20 - 000152576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Xml.dll
2016-10-12 12:07 - 2016-10-12 12:07 - 000686592 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\sqldrivers\qsqlite.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Condusiv Technologies\ExpressCache\
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SketchBook Snapshot.lnk => C:\Windows\pss\SketchBook Snapshot.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: LenovoUtility => "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\Run: => "Amazon Music Helper"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3775B783-2FFA-4093-B4E6-3F0F432EFE41}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C2C77C22-5C20-4138-900F-8F4F7F57DEFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0056A7F6-6691-4D44-AEC0-04A2532C8BE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D42CFC1D-FED9-4918-84EA-295B13D74EDA}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{56B2B019-C582-4996-98F7-EFE1A801970C}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{8DE0AA2D-09B9-4877-8370-8DA5D9A1DCFA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FF8E8146-AB7C-46A7-B8A6-F400040188B6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{5BFF5746-FE42-46BE-BF97-947658352AC1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{85A2858C-FA83-4FA1-AA1C-25E9B8EB37B0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.) [File not signed]
FirewallRules: [{C85818F8-D292-4F87-8BB0-5F84A428A898}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.) [File not signed]
FirewallRules: [{74DC16C1-83ED-47DB-9A9E-37AA7371ADDE}] => (Allow) LPort=54925
FirewallRules: [{F28F845D-CD58-4B6C-BF03-3CA312B8F352}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [{F06E4D28-A691-4C07-9410-2039FF4423D9}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [TCP Query User{71CCB605-7EB3-41BB-BF5A-0D8DC33B25A8}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{EECCCD2A-53DB-43F4-8462-5AD678EA365C}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [TCP Query User{AD9AA2C7-F365-4F40-91AB-9D07FF6A2BAF}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{C514B6CF-D388-4F38-952B-925484D0A15D}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [{1139B84A-D0C3-4325-AEA0-FC3417C0FBC1}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouch.exe (Bose Corporation) [File not signed]
FirewallRules: [{9696F84C-E5E5-4F96-A3DD-0BD9AB57AAFC}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe (Bose Corporation) [File not signed]
FirewallRules: [{DA68F1CE-0529-4ECF-9E5F-B4522ED6D986}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{300D5226-4C39-4451-B7A2-4FFB67E018B3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{ED29899D-D3DB-4602-A77F-9E58265F4DA6}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B5F6D076-A9A7-4E49-A901-DD395CD8685E}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{95B1F257-B4FA-4FE0-94DF-B849DC91276E}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{913D7681-6483-488A-BE9C-3EE9A7F1EA67}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{357A6BFB-8250-41CE-B3E0-8D58D196312E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3821372D-A256-4C32-A1F8-F93C553F85F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{58320F58-81EA-46AB-A90E-FF7A241BF7D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{16123F2F-8DEE-4ADD-84C2-A556BE07E2A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BDFDA149-6F82-4A5A-9601-96C707C663A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2D384D65-4DD2-4F1A-83E6-558D56B35419}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{17FB87A1-C361-4007-96F4-62497322ED11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0DA8DF78-AC56-4734-B5F9-CE8D4C0C6BC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{93499286-B802-49B0-831C-A979ED16D62F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D18C854F-61A0-4711-B914-FA983026B48F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A40A1F9-D8FE-4D86-A70F-A424F4D46AD6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0F6BB1A5-0ECE-45F9-82CA-352F8D26A735}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{9AF58514-4447-4523-92E4-A8A5203CF9E5}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{1EB9FBAA-E901-4315-B683-7DAF1F886FF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{43709203-D780-42D7-A1AA-938461AC0577}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/14/2022 02:10:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x33d8
Faulting application start time: 0x01d85043fff8eca0
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 9fa8a3fc-f319-4d45-8c71-247045dead85
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 12:25:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x810
Faulting application start time: 0x01d84f6c38a65722
Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 13bb7018-eb95-4a94-8b5c-0a0f61f2fe92
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 11:22:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x4240
Faulting application start time: 0x01d84f636e6f1a7a
Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: bb194e6f-9fad-4c05-94cb-98076367d93b
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 11:15:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x43c
Faulting application start time: 0x01d84f627bcbe3e3
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 4b778ed9-7f66-4389-98ef-3a8b731d1174
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 11:15:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x3100
Faulting application start time: 0x01d84f62714bfde5
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: c900ce54-7fda-4351-a72d-7205e7b02f9b
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 11:14:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x26a4
Faulting application start time: 0x01d84f624f2a03cd
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 06d62b3e-979a-4916-9570-6b54c3bc386c
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 11:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x39d8
Faulting application start time: 0x01d84f624273f2fe
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 1257a88e-a976-439e-8438-60e65c14ed35
Faulting package full name:
Faulting package-relative application ID:
Error: (04/13/2022 11:13:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0xdf0
Faulting application start time: 0x01d84f6238b398cd
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: eaf6992c-cca0-42d1-bee6-6b7ffb971628
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/15/2022 08:03:29 AM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.
Error: (04/15/2022 08:03:26 AM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.
Error: (04/14/2022 03:00:24 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
Error: (04/14/2022 02:13:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (04/13/2022 08:26:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (04/13/2022 02:48:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (04/12/2022 10:14:53 PM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.
Error: (04/12/2022 10:14:48 PM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.
Windows Defender:
================
Date: 2022-04-14 14:33:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-14 14:33:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-13 21:21:13
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5
Date: 2022-04-13 21:20:40
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5
Date: 2022-04-13 21:20:29
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5
CodeIntegrity:
===============
Date: 2022-04-14 10:16:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO JBET73WW (1.37 ) 08/14/2019
Motherboard: LENOVO 20BX001EUS
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 55%
Total physical RAM: 11984.07 MB
Available physical RAM: 5387.51 MB
Total Virtual: 24272.07 MB
Available Virtual: 16198.73 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:231.82 GB) (Free:10.81 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (stechetto@gmail.com - Google ...) (Fixed) (Total:15 GB) (Free:1.93 GB) FAT32
Drive h: (danag@hevanet.com - Google Drive) (Fixed) (Total:15 GB) (Free:10.27 GB) FAT32
\\?\Volume{d3d06843-b093-11e5-9863-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{a1c15582-0000-0000-0000-90fa39000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A1C15582)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=530 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: E9F389AB)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Addition.txt
FRST.txt